# 4.1 Where Things Live

Security in PTERI starts with **strict separation of responsibilities**.

Every component has a narrow role.\
No component is trusted with more than it absolutely needs.

***

#### On the User Device

The user device is the **only place where authority exists**.

It holds:

* Private keys
* Seed phrase
* Biometric enforcement
* Cryptographic signing

These elements never leave the device.

The device is treated as a **hard trust boundary**.

> If the device cannot be compromised, authority cannot be stolen.

***

#### On Kakr Infrastructure (Google Cloud)

Kakr infrastructure is **verification-only**.

It handles:

* Verification APIs
* Blockchain indexing
* Rate limiting
* Observability and monitoring

It does **not** hold:

* Private keys
* Seed phrases
* Biometrics
* Signing capability

Kakr infrastructure can **observe and verify**, but it cannot impersonate, recover, or override users.

> **Kakr never stores secrets.**\
> Not by policy — by design.

<figure><img src="/files/Nwv5dB0RmUUaKOTveQDG" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.kakrlabs.com/4.-architecture-and-security/4.1-where-things-live.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.